@nestjs-redisx/rate-limit 1.0.0

package/dist/index.js

@@ -0,0 +1,793 @@
+'use strict';
+
+var core = require('@nestjs/core');
+var common = require('@nestjs/common');
+var core$1 = require('@nestjs-redisx/core');
+
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (decorator(result)) || result;
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+var RateLimitError = class extends core$1.RedisXError {
+  constructor(message, code, result, cause) {
+    super(message, code, cause, { result });
+    this.result = result;
+  }
+};
+var RateLimitExceededError = class extends RateLimitError {
+  constructor(message, result) {
+    super(message, core$1.ErrorCode.RATE_LIMIT_EXCEEDED, result);
+  }
+  /**
+   * Seconds until retry is allowed.
+   */
+  get retryAfter() {
+    return this.result?.retryAfter ?? 0;
+  }
+};
+var RateLimitScriptError = class extends RateLimitError {
+  constructor(message, cause) {
+    super(message, core$1.ErrorCode.RATE_LIMIT_SCRIPT_ERROR, void 0, cause);
+  }
+};
+
+// src/rate-limit/api/filters/rate-limit-exception.filter.ts
+exports.RateLimitExceptionFilter = class RateLimitExceptionFilter {
+  /**
+   * Catch rate limit exceeded error and format response.
+   */
+  catch(exception, host) {
+    const ctx = host.switchToHttp();
+    const response = ctx.getResponse();
+    const result = exception.result;
+    response.status(common.HttpStatus.TOO_MANY_REQUESTS).header("Retry-After", exception.retryAfter.toString()).json({
+      statusCode: common.HttpStatus.TOO_MANY_REQUESTS,
+      message: exception.message,
+      error: "Too Many Requests",
+      retryAfter: exception.retryAfter,
+      limit: result?.limit,
+      remaining: result?.remaining,
+      reset: result?.reset
+    });
+  }
+};
+exports.RateLimitExceptionFilter = __decorateClass([
+  common.Catch(RateLimitExceededError)
+], exports.RateLimitExceptionFilter);
+
+// src/shared/constants/index.ts
+var RATE_LIMIT_PLUGIN_OPTIONS = /* @__PURE__ */ Symbol.for("RATE_LIMIT_PLUGIN_OPTIONS");
+var RATE_LIMIT_SERVICE = /* @__PURE__ */ Symbol.for("RATE_LIMIT_SERVICE");
+var RATE_LIMIT_STORE = /* @__PURE__ */ Symbol.for("RATE_LIMIT_STORE");
+var RATE_LIMIT_OPTIONS = /* @__PURE__ */ Symbol.for("RATE_LIMIT_OPTIONS");
+function RateLimit(options = {}) {
+  return common.applyDecorators(common.SetMetadata(RATE_LIMIT_OPTIONS, options), common.UseGuards(exports.RateLimitGuard));
+}
+
+// src/rate-limit/api/guards/rate-limit.guard.ts
+var METRICS_SERVICE = /* @__PURE__ */ Symbol.for("METRICS_SERVICE");
+var TRACING_SERVICE = /* @__PURE__ */ Symbol.for("TRACING_SERVICE");
+exports.RateLimitGuard = class RateLimitGuard {
+  constructor(rateLimitService, config, reflector, metrics, tracing) {
+    this.rateLimitService = rateLimitService;
+    this.config = config;
+    this.reflector = reflector;
+    this.metrics = metrics;
+    this.tracing = tracing;
+  }
+  /**
+   * Guard activation logic.
+   * Checks rate limit and sets response headers.
+   */
+  async canActivate(context) {
+    const options = this.getOptions(context);
+    if (await this.shouldSkip(context, options)) {
+      return true;
+    }
+    const key = await this.extractKey(context, options);
+    const span = this.tracing?.startSpan("ratelimit.check", {
+      kind: "INTERNAL",
+      attributes: { "ratelimit.key": key }
+    });
+    try {
+      const result = await this.rateLimitService.check(key, options);
+      this.setHeaders(context, result);
+      span?.setAttribute("ratelimit.allowed", result.allowed);
+      span?.setAttribute("ratelimit.remaining", result.remaining);
+      span?.setAttribute("ratelimit.limit", result.limit);
+      if (!result.allowed) {
+        this.metrics?.incrementCounter("redisx_ratelimit_requests_total", { status: "rejected" });
+        span?.setStatus("OK");
+        throw this.createError(result, options);
+      }
+      this.metrics?.incrementCounter("redisx_ratelimit_requests_total", { status: "allowed" });
+      span?.setStatus("OK");
+      return true;
+    } catch (error) {
+      if (!(error instanceof RateLimitExceededError)) {
+        span?.recordException(error);
+        span?.setStatus("ERROR");
+      }
+      throw error;
+    } finally {
+      span?.end();
+    }
+  }
+  /**
+   * Get rate limit options from decorator metadata.
+   * Merges class-level and method-level options.
+   */
+  getOptions(context) {
+    const handlerOptions = this.reflector.get(RATE_LIMIT_OPTIONS, context.getHandler());
+    const classOptions = this.reflector.get(RATE_LIMIT_OPTIONS, context.getClass());
+    return { ...classOptions, ...handlerOptions };
+  }
+  /**
+   * Extract rate limit key from context.
+   */
+  async extractKey(context, options) {
+    const extractor = options.key ?? this.config.defaultKeyExtractor ?? "ip";
+    if (typeof extractor === "function") {
+      return await extractor(context);
+    }
+    if (typeof extractor === "string" && !["ip", "user", "apiKey"].includes(extractor)) {
+      return extractor;
+    }
+    const request = context.switchToHttp().getRequest();
+    switch (extractor) {
+      case "ip":
+        return this.getClientIp(request);
+      case "user":
+        return this.getUserId(request);
+      case "apiKey":
+        return this.getApiKey(request);
+      default:
+        return this.getClientIp(request);
+    }
+  }
+  /**
+   * Get client IP address.
+   */
+  getClientIp(request) {
+    const forwardedFor = request.headers["x-forwarded-for"];
+    if (forwardedFor) {
+      const ips = forwardedFor.split(",").map((ip) => ip.trim());
+      return ips[0] || "unknown";
+    }
+    const realIp = request.headers["x-real-ip"];
+    if (realIp) {
+      return realIp;
+    }
+    return request.ip || "unknown";
+  }
+  /**
+   * Get user ID from request.
+   */
+  getUserId(request) {
+    const userId = request.user?.id;
+    if (!userId) {
+      throw new Error("User ID not found. Ensure authentication guard runs before rate limit guard.");
+    }
+    return `user:${userId}`;
+  }
+  /**
+   * Get API key from request.
+   */
+  getApiKey(request) {
+    const apiKey = request.headers["x-api-key"] || request.headers["authorization"];
+    if (!apiKey) {
+      throw new Error("API key not found. Ensure request includes X-API-Key or Authorization header.");
+    }
+    return `apikey:${apiKey}`;
+  }
+  /**
+   * Set response headers.
+   */
+  setHeaders(context, result) {
+    if (this.config.includeHeaders === false) {
+      return;
+    }
+    const response = context.switchToHttp().getResponse();
+    const headers = this.config.headers ?? {};
+    const limitHeader = headers.limit ?? "X-RateLimit-Limit";
+    const remainingHeader = headers.remaining ?? "X-RateLimit-Remaining";
+    const resetHeader = headers.reset ?? "X-RateLimit-Reset";
+    const retryAfterHeader = headers.retryAfter ?? "Retry-After";
+    response.header(limitHeader, result.limit.toString());
+    response.header(remainingHeader, result.remaining.toString());
+    response.header(resetHeader, result.reset.toString());
+    if (!result.allowed && result.retryAfter) {
+      response.header(retryAfterHeader, result.retryAfter.toString());
+    }
+  }
+  /**
+   * Create error when rate limit exceeded.
+   */
+  createError(result, options) {
+    if (options.errorFactory) {
+      return options.errorFactory(result);
+    }
+    if (this.config.errorFactory) {
+      return this.config.errorFactory(result);
+    }
+    const message = options.message ?? `Rate limit exceeded. Try again in ${result.retryAfter || 0} seconds.`;
+    return new RateLimitExceededError(message, result);
+  }
+  /**
+   * Check if rate limiting should be skipped.
+   */
+  async shouldSkip(context, options) {
+    if (options.skip) {
+      return await options.skip(context);
+    }
+    if (this.config.skip) {
+      return await this.config.skip(context);
+    }
+    return false;
+  }
+};
+exports.RateLimitGuard = __decorateClass([
+  common.Injectable(),
+  __decorateParam(0, common.Inject(RATE_LIMIT_SERVICE)),
+  __decorateParam(1, common.Inject(RATE_LIMIT_PLUGIN_OPTIONS)),
+  __decorateParam(2, common.Inject(core.Reflector)),
+  __decorateParam(3, common.Optional()),
+  __decorateParam(3, common.Inject(METRICS_SERVICE)),
+  __decorateParam(4, common.Optional()),
+  __decorateParam(4, common.Inject(TRACING_SERVICE))
+], exports.RateLimitGuard);
+exports.RateLimitService = class RateLimitService {
+  constructor(config, store) {
+    this.config = config;
+    this.store = store;
+  }
+  /**
+   * Check and consume rate limit.
+   */
+  async check(key, config = {}) {
+    const algorithm = config.algorithm ?? this.config.defaultAlgorithm ?? "sliding-window";
+    const fullKey = this.buildKey(key, algorithm);
+    try {
+      switch (algorithm) {
+        case "fixed-window":
+          return await this.checkFixedWindow(fullKey, config);
+        case "sliding-window":
+          return await this.checkSlidingWindow(fullKey, config);
+        case "token-bucket":
+          return await this.checkTokenBucket(fullKey, config);
+        default:
+          throw new Error(`Unknown algorithm: ${algorithm}`);
+      }
+    } catch (error) {
+      return this.handleError(error, config);
+    }
+  }
+  /**
+   * Check without consuming.
+   */
+  async peek(key, config = {}) {
+    const algorithm = config.algorithm ?? this.config.defaultAlgorithm ?? "sliding-window";
+    const fullKey = this.buildKey(key, algorithm);
+    try {
+      const storeConfig = this.buildStoreConfig(algorithm, config);
+      return await this.store.peek(fullKey, algorithm, storeConfig);
+    } catch (error) {
+      return this.handleError(error, config);
+    }
+  }
+  /**
+   * Reset rate limit for key.
+   * Resets all algorithm variants (fixed-window, sliding-window, token-bucket).
+   */
+  async reset(key) {
+    const algorithms = ["fixed-window", "sliding-window", "token-bucket"];
+    await Promise.all(algorithms.map((algo) => this.store.reset(this.buildKey(key, algo))));
+  }
+  /**
+   * Get current state.
+   */
+  async getState(key, config = {}) {
+    const result = await this.peek(key, config);
+    return {
+      current: result.current,
+      limit: result.limit,
+      remaining: result.remaining,
+      resetAt: new Date(result.reset * 1e3)
+    };
+  }
+  /**
+   * Check fixed window rate limit.
+   */
+  async checkFixedWindow(key, config) {
+    const points = config.points ?? this.config.defaultPoints ?? 100;
+    const duration = config.duration ?? this.config.defaultDuration ?? 60;
+    return await this.store.fixedWindow(key, points, duration);
+  }
+  /**
+   * Check sliding window rate limit.
+   */
+  async checkSlidingWindow(key, config) {
+    const points = config.points ?? this.config.defaultPoints ?? 100;
+    const duration = config.duration ?? this.config.defaultDuration ?? 60;
+    return await this.store.slidingWindow(key, points, duration);
+  }
+  /**
+   * Check token bucket rate limit.
+   */
+  async checkTokenBucket(key, config) {
+    const capacity = config.capacity ?? config.points ?? this.config.defaultPoints ?? 100;
+    const refillRate = config.refillRate ?? (config.duration ? capacity / config.duration : 10);
+    return await this.store.tokenBucket(key, capacity, refillRate, 1);
+  }
+  /**
+   * Build store configuration.
+   */
+  buildStoreConfig(algorithm, config) {
+    const baseConfig = {
+      points: config.points ?? this.config.defaultPoints ?? 100,
+      duration: config.duration ?? this.config.defaultDuration ?? 60
+    };
+    if (algorithm === "token-bucket") {
+      const capacity = config.capacity ?? baseConfig.points;
+      const refillRate = config.refillRate ?? capacity / baseConfig.duration;
+      return { capacity, refillRate };
+    }
+    return baseConfig;
+  }
+  /**
+   * Handle error based on error policy.
+   */
+  handleError(error, config) {
+    const errorPolicy = this.config.errorPolicy ?? "fail-closed";
+    if (errorPolicy === "fail-open") {
+      const points = config.points ?? this.config.defaultPoints ?? 100;
+      const duration = config.duration ?? this.config.defaultDuration ?? 60;
+      return {
+        allowed: true,
+        limit: points,
+        remaining: points,
+        reset: Math.floor(Date.now() / 1e3) + duration,
+        current: 0
+      };
+    }
+    throw new RateLimitScriptError(`Rate limit check failed: ${error.message}`, error);
+  }
+  /**
+   * Build full key with prefix and algorithm.
+   * Including algorithm prevents WRONGTYPE errors when different algorithms
+   * use different Redis data types for the same logical key.
+   */
+  buildKey(key, algorithm) {
+    const prefix = this.config.keyPrefix ?? "rl:";
+    const algoPrefix = algorithm ? `${algorithm}:` : "";
+    return `${prefix}${algoPrefix}${key}`;
+  }
+};
+exports.RateLimitService = __decorateClass([
+  common.Injectable(),
+  __decorateParam(0, common.Inject(RATE_LIMIT_PLUGIN_OPTIONS)),
+  __decorateParam(1, common.Inject(RATE_LIMIT_STORE))
+], exports.RateLimitService);
+
+// src/rate-limit/infrastructure/scripts/lua-scripts.ts
+var FIXED_WINDOW_SCRIPT = `
+local key = KEYS[1]
+local max_points = tonumber(ARGV[1])
+local duration = tonumber(ARGV[2])
+local now = tonumber(ARGV[3])
+
+local window = math.floor(now / duration) * duration
+local window_key = '{' .. key .. '}:' .. window
+
+local current = redis.call('INCR', window_key)
+
+if current == 1 then
+  redis.call('EXPIRE', window_key, duration)
+end
+
+local allowed = current <= max_points
+local remaining = math.max(0, max_points - current)
+local reset = window + duration
+
+return {allowed and 1 or 0, remaining, reset, current}
+`.trim();
+var SLIDING_WINDOW_SCRIPT = `
+local key = KEYS[1]
+local max_points = tonumber(ARGV[1])
+local duration = tonumber(ARGV[2]) * 1000  -- Convert to ms
+local now = tonumber(ARGV[3])
+local request_id = ARGV[4]
+
+local window_start = now - duration
+
+-- Remove expired entries
+redis.call('ZREMRANGEBYSCORE', key, '-inf', window_start)
+
+-- Count current requests
+local current = redis.call('ZCARD', key)
+
+if current < max_points then
+  -- Add new request
+  redis.call('ZADD', key, now, request_id)
+  redis.call('PEXPIRE', key, duration)
+
+  return {1, max_points - current - 1, math.ceil((now + duration) / 1000), current + 1}
+else
+  -- Get oldest entry to calculate retry time
+  local oldest = redis.call('ZRANGE', key, 0, 0, 'WITHSCORES')
+  local retry_after = 0
+  if #oldest > 0 then
+    retry_after = math.ceil((tonumber(oldest[2]) + duration - now) / 1000)
+  end
+
+  return {0, 0, math.ceil((now + duration) / 1000), current, retry_after}
+end
+`.trim();
+var TOKEN_BUCKET_SCRIPT = `
+local key = KEYS[1]
+local capacity = tonumber(ARGV[1])
+local refill_rate = tonumber(ARGV[2])
+local now = tonumber(ARGV[3])
+local consume = tonumber(ARGV[4]) or 1
+
+-- Get current state
+local bucket = redis.call('HMGET', key, 'tokens', 'last_refill')
+local tokens = tonumber(bucket[1]) or capacity
+local last_refill = tonumber(bucket[2]) or now
+
+-- Calculate refill
+local elapsed = (now - last_refill) / 1000  -- Convert to seconds
+local refill = elapsed * refill_rate
+tokens = math.min(capacity, tokens + refill)
+
+-- Try to consume
+local allowed = tokens >= consume
+local new_tokens = tokens
+
+if allowed then
+  new_tokens = tokens - consume
+end
+
+-- Save state
+redis.call('HMSET', key, 'tokens', new_tokens, 'last_refill', now)
+redis.call('PEXPIRE', key, math.ceil(capacity / refill_rate * 1000) + 1000)
+
+local retry_after = 0
+if not allowed then
+  retry_after = math.ceil((consume - new_tokens) / refill_rate)
+end
+
+-- Calculate reset time (when bucket will be full again)
+local time_to_full = (capacity - new_tokens) / refill_rate
+local reset = math.ceil(now / 1000 + time_to_full)
+
+return {allowed and 1 or 0, math.floor(new_tokens), reset, math.floor(tokens), retry_after}
+`.trim();
+
+// src/rate-limit/infrastructure/adapters/redis-rate-limit-store.adapter.ts
+var RedisRateLimitStoreAdapter = class {
+  constructor(driver) {
+    this.driver = driver;
+  }
+  fixedWindowSha = null;
+  slidingWindowSha = null;
+  tokenBucketSha = null;
+  /**
+   * Pre-load Lua scripts on module initialization.
+   */
+  async onModuleInit() {
+    try {
+      this.fixedWindowSha = await this.driver.scriptLoad(FIXED_WINDOW_SCRIPT);
+      this.slidingWindowSha = await this.driver.scriptLoad(SLIDING_WINDOW_SCRIPT);
+      this.tokenBucketSha = await this.driver.scriptLoad(TOKEN_BUCKET_SCRIPT);
+    } catch (error) {
+      throw new RateLimitScriptError(`Failed to load Lua scripts: ${error.message}`, error);
+    }
+  }
+  /**
+   * Fixed window rate limiting.
+   */
+  async fixedWindow(key, points, duration) {
+    const now = Math.floor(Date.now() / 1e3);
+    try {
+      const result = await this.driver.evalsha(this.fixedWindowSha, [key], [points, duration, now]);
+      return this.parseFixedWindowResult(result, points);
+    } catch (error) {
+      if (this.isNoScriptError(error)) {
+        const result = await this.driver.eval(FIXED_WINDOW_SCRIPT, [key], [points, duration, now]);
+        return this.parseFixedWindowResult(result, points);
+      }
+      throw new RateLimitScriptError(`Fixed window check failed: ${error.message}`, error);
+    }
+  }
+  /**
+   * Sliding window rate limiting.
+   */
+  async slidingWindow(key, points, duration) {
+    const now = Date.now();
+    const requestId = `${now}-${Math.random().toString(36).substring(7)}`;
+    try {
+      const result = await this.driver.evalsha(this.slidingWindowSha, [key], [points, duration, now, requestId]);
+      return this.parseSlidingWindowResult(result, points);
+    } catch (error) {
+      if (this.isNoScriptError(error)) {
+        const result = await this.driver.eval(SLIDING_WINDOW_SCRIPT, [key], [points, duration, now, requestId]);
+        return this.parseSlidingWindowResult(result, points);
+      }
+      throw new RateLimitScriptError(`Sliding window check failed: ${error.message}`, error);
+    }
+  }
+  /**
+   * Token bucket rate limiting.
+   */
+  async tokenBucket(key, capacity, refillRate, consume = 1) {
+    const now = Date.now();
+    try {
+      const result = await this.driver.evalsha(this.tokenBucketSha, [key], [capacity, refillRate, now, consume]);
+      return this.parseTokenBucketResult(result, capacity);
+    } catch (error) {
+      if (this.isNoScriptError(error)) {
+        const result = await this.driver.eval(TOKEN_BUCKET_SCRIPT, [key], [capacity, refillRate, now, consume]);
+        return this.parseTokenBucketResult(result, capacity);
+      }
+      throw new RateLimitScriptError(`Token bucket check failed: ${error.message}`, error);
+    }
+  }
+  /**
+   * Peek current state without consuming.
+   * Note: This is a simplified implementation.
+   * For accurate peek, we would need separate Lua scripts.
+   */
+  async peek(key, algorithm, config) {
+    try {
+      if (algorithm === "fixed-window") {
+        const now = Math.floor(Date.now() / 1e3);
+        const duration = config.duration || 60;
+        const window = Math.floor(now / duration) * duration;
+        const windowKey = `${key}:${window}`;
+        const currentStr = await this.driver.get(windowKey);
+        const current = currentStr ? parseInt(currentStr, 10) : 0;
+        const points2 = config.points || 100;
+        return {
+          allowed: current < points2,
+          limit: points2,
+          remaining: Math.max(0, points2 - current),
+          reset: window + duration,
+          current
+        };
+      } else if (algorithm === "sliding-window") {
+        const count = await this.driver.zcard(key);
+        const points2 = config.points || 100;
+        const duration = config.duration || 60;
+        return {
+          allowed: count < points2,
+          limit: points2,
+          remaining: Math.max(0, points2 - count),
+          reset: Math.floor(Date.now() / 1e3) + duration,
+          current: count
+        };
+      }
+      const points = config.capacity || 100;
+      return {
+        allowed: true,
+        limit: points,
+        remaining: points,
+        reset: Math.floor(Date.now() / 1e3) + 60,
+        current: 0
+      };
+    } catch (error) {
+      throw new RateLimitScriptError(`Peek failed: ${error.message}`, error);
+    }
+  }
+  /**
+   * Reset rate limit key.
+   */
+  async reset(key) {
+    try {
+      await this.driver.del(key);
+    } catch (error) {
+      throw new RateLimitScriptError(`Reset failed: ${error.message}`, error);
+    }
+  }
+  /**
+   * Parse fixed window script result.
+   * Returns: {allowed, remaining, reset, current}
+   */
+  parseFixedWindowResult(result, limit) {
+    const allowed = result[0] ?? 0;
+    const remaining = result[1] ?? 0;
+    const reset = result[2] ?? 0;
+    const current = result[3] ?? 0;
+    return {
+      allowed: allowed === 1,
+      limit,
+      remaining,
+      reset,
+      current,
+      retryAfter: allowed === 0 ? Math.ceil(reset - Date.now() / 1e3) : void 0
+    };
+  }
+  /**
+   * Parse sliding window script result.
+   * Returns: {allowed, remaining, reset, current, retryAfter?}
+   */
+  parseSlidingWindowResult(result, limit) {
+    const allowed = result[0] ?? 0;
+    const remaining = result[1] ?? 0;
+    const reset = result[2] ?? 0;
+    const current = result[3] ?? 0;
+    const retryAfter = result[4];
+    return {
+      allowed: allowed === 1,
+      limit,
+      remaining,
+      reset,
+      current,
+      retryAfter: retryAfter ? Math.max(0, retryAfter) : void 0
+    };
+  }
+  /**
+   * Parse token bucket script result.
+   * Returns: {allowed, remaining, reset, current, retryAfter?}
+   */
+  parseTokenBucketResult(result, capacity) {
+    const allowed = result[0] ?? 0;
+    const remaining = result[1] ?? 0;
+    const reset = result[2] ?? 0;
+    const current = result[3] ?? 0;
+    const retryAfter = result[4];
+    return {
+      allowed: allowed === 1,
+      limit: capacity,
+      remaining,
+      reset,
+      // Unix timestamp when bucket will be full again
+      current,
+      retryAfter: retryAfter ? Math.max(0, retryAfter) : void 0
+    };
+  }
+  /**
+   * Check if error is NOSCRIPT error.
+   */
+  isNoScriptError(error) {
+    const message = error.message;
+    return message.includes("NOSCRIPT") || message.includes("No matching script");
+  }
+};
+RedisRateLimitStoreAdapter = __decorateClass([
+  common.Injectable(),
+  __decorateParam(0, common.Inject(core$1.REDIS_DRIVER))
+], RedisRateLimitStoreAdapter);
+
+// src/rate-limit.plugin.ts
+var DEFAULT_RATE_LIMIT_CONFIG = {
+  defaultAlgorithm: "sliding-window",
+  defaultPoints: 100,
+  defaultDuration: 60,
+  keyPrefix: "rl:",
+  defaultKeyExtractor: "ip",
+  includeHeaders: true,
+  headers: {
+    limit: "X-RateLimit-Limit",
+    remaining: "X-RateLimit-Remaining",
+    reset: "X-RateLimit-Reset",
+    retryAfter: "Retry-After"
+  },
+  errorPolicy: "fail-closed"
+};
+var RateLimitPlugin = class {
+  constructor(options = {}) {
+    this.options = options;
+  }
+  name = "rate-limit";
+  version = "0.1.0";
+  description = "Rate limiting with fixed-window, sliding-window, and token-bucket algorithms";
+  getProviders() {
+    const config = {
+      defaultAlgorithm: this.options.defaultAlgorithm ?? DEFAULT_RATE_LIMIT_CONFIG.defaultAlgorithm,
+      defaultPoints: this.options.defaultPoints ?? DEFAULT_RATE_LIMIT_CONFIG.defaultPoints,
+      defaultDuration: this.options.defaultDuration ?? DEFAULT_RATE_LIMIT_CONFIG.defaultDuration,
+      keyPrefix: this.options.keyPrefix ?? DEFAULT_RATE_LIMIT_CONFIG.keyPrefix,
+      defaultKeyExtractor: this.options.defaultKeyExtractor ?? DEFAULT_RATE_LIMIT_CONFIG.defaultKeyExtractor,
+      includeHeaders: this.options.includeHeaders ?? DEFAULT_RATE_LIMIT_CONFIG.includeHeaders,
+      headers: {
+        ...DEFAULT_RATE_LIMIT_CONFIG.headers,
+        ...this.options.headers
+      },
+      errorPolicy: this.options.errorPolicy ?? DEFAULT_RATE_LIMIT_CONFIG.errorPolicy,
+      skip: this.options.skip,
+      errorFactory: this.options.errorFactory
+    };
+    return [
+      { provide: RATE_LIMIT_PLUGIN_OPTIONS, useValue: config },
+      { provide: RATE_LIMIT_STORE, useClass: RedisRateLimitStoreAdapter },
+      { provide: RATE_LIMIT_SERVICE, useClass: exports.RateLimitService },
+      // Reflector is needed for @RateLimit decorator metadata
+      core.Reflector,
+      // Guard must be in providers for proper DI
+      exports.RateLimitGuard,
+      // Global exception filter to return 429 instead of 500
+      { provide: core.APP_FILTER, useClass: exports.RateLimitExceptionFilter }
+    ];
+  }
+  getExports() {
+    return [RATE_LIMIT_PLUGIN_OPTIONS, RATE_LIMIT_SERVICE, exports.RateLimitGuard];
+  }
+};
+
+// src/rate-limit/domain/strategies/fixed-window.strategy.ts
+var FixedWindowStrategy = class {
+  constructor(store) {
+    this.store = store;
+  }
+  name = "fixed-window";
+  getScript() {
+    return FIXED_WINDOW_SCRIPT;
+  }
+  async check(key, config) {
+    if (!this.store) {
+      throw new Error("FixedWindowStrategy requires an IRateLimitStore. Pass it via constructor or use RateLimitService instead.");
+    }
+    const points = config.points ?? 100;
+    const duration = config.duration ?? 60;
+    return this.store.fixedWindow(key, points, duration);
+  }
+};
+
+// src/rate-limit/domain/strategies/sliding-window.strategy.ts
+var SlidingWindowStrategy = class {
+  constructor(store) {
+    this.store = store;
+  }
+  name = "sliding-window";
+  getScript() {
+    return SLIDING_WINDOW_SCRIPT;
+  }
+  async check(key, config) {
+    if (!this.store) {
+      throw new Error("SlidingWindowStrategy requires an IRateLimitStore. Pass it via constructor or use RateLimitService instead.");
+    }
+    const points = config.points ?? 100;
+    const duration = config.duration ?? 60;
+    return this.store.slidingWindow(key, points, duration);
+  }
+};
+
+// src/rate-limit/domain/strategies/token-bucket.strategy.ts
+var TokenBucketStrategy = class {
+  constructor(store) {
+    this.store = store;
+  }
+  name = "token-bucket";
+  getScript() {
+    return TOKEN_BUCKET_SCRIPT;
+  }
+  async check(key, config) {
+    if (!this.store) {
+      throw new Error("TokenBucketStrategy requires an IRateLimitStore. Pass it via constructor or use RateLimitService instead.");
+    }
+    const capacity = config.capacity ?? config.points ?? 100;
+    const refillRate = config.refillRate ?? (config.duration ? capacity / config.duration : 10);
+    return this.store.tokenBucket(key, capacity, refillRate, 1);
+  }
+};
+
+exports.FixedWindowStrategy = FixedWindowStrategy;
+exports.RATE_LIMIT_OPTIONS = RATE_LIMIT_OPTIONS;
+exports.RATE_LIMIT_PLUGIN_OPTIONS = RATE_LIMIT_PLUGIN_OPTIONS;
+exports.RATE_LIMIT_SERVICE = RATE_LIMIT_SERVICE;
+exports.RATE_LIMIT_STORE = RATE_LIMIT_STORE;
+exports.RateLimit = RateLimit;
+exports.RateLimitError = RateLimitError;
+exports.RateLimitExceededError = RateLimitExceededError;
+exports.RateLimitPlugin = RateLimitPlugin;
+exports.RateLimitScriptError = RateLimitScriptError;
+exports.SlidingWindowStrategy = SlidingWindowStrategy;
+exports.TokenBucketStrategy = TokenBucketStrategy;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map